NATIONAL INSIDER THREAT SPECIAL INTEREST GROUP - NITSIG

 


 

 

 

Protecting Controlled Unclassified Information

 

 

Controlled Unclassified Information (CUI) Overview
CUI is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies, but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.
More Information
ISOO 2016 CUI Notice And Implementation Guidance

 

 

CUI Oversight
On November 4, 2010, the President signed Executive Order 13556, “Controlled Unclassified Information” (the Order). The Order established a program to standardize the way the executive branch handles unclassified information that requires protection in accordance with law, regulation, and/or Government-wide policy. The Order designated the National Archives and Records Administration (NARA) as the CUI Executive Agent to implement that program. NARA designated the Director of the Information Security Oversight Office (ISOO), a NARA component, to exercise these responsibilities on its behalf.

 

 

Below are various resources to assist you with developing, implementing and managing a Controlled Unclassified Information Protection Program...

 

 

ISOO CUI GUIDANCE AND RESOURCES

CUI Policy And Guidance
https://www.archives.gov/cui/registry/policy-guidance

ISOO Presentation CUI Overview - Feb 2018

Key Elements Of The CUI Program
https://www.archives.gov/cui/key-elements.html

CUI FAQs
https://www.archives.gov/cui/faqs.html

CUI Registry - What Is Considered CUI?
https://www.archives.gov/cui/registry/category-list

CUI Marking Handbook
https://www.archives.gov/files/cui/20161206-cui-marking-handbook-v1-1.pdf

Other CUI Marking Resources

CUI Marking Trifold Brochure
CUI Audio, Photography And Video Markings Brochure
CUI Destruction Label
https://www.archives.gov/cui/additional-tools

CUI Cover Sheets
https://www.archives.gov/files/cui/documents/20170608-cui-coversheet-of-901.pdf

CUI Program Blog (Subscribe For The Latest News)
https://isoo.blogs.archives.gov
 

 

CUI SECURITY CONTROL REQUIREMENTS
NIST SP 800-171 focuses on protecting the confidentiality of Controlled Unclassified Information (CUI) in nonfederal systems and organizations, and recommends specific security requirements to achieve that objective. The requirements recommended for use in SP 800-171 are derived from FIPS Publication 200 and the moderate security control baseline in NIST Special Publication 800-53 and are based on the CUI regulation (32 CFR Part 2002, Controlled Unclassified Information).

NIST SP 800-171: Protecting Controlled Unclassified Information In Nonfederal Systems And Organizations
NIST SP 800-171 Security Controls Assessment Questionnaire
NIST SP 800-171 Security Controls Implementation Status Worksheet

 

 

CUI TRAINING
ISOO CUI Training
Protecting CUI In Nonfederal Systems And Organizations NIST SP 171 (CSIAC Webinar)
 

 

DFARS RULES GOVERNING CONTROLLED TECHNICAL INFORMATION / CUI FOR THE DOD

DoD Briefing: Protecting DoD’s Unclassified Information (DFARS 252.204-7012)
DoD Memo: Implementation Of DFARS 252.204-7012 - Safeguarding Covered Defense Information And Cyber Incident Reporting
DoD Manual 5200.01 - Volume 4: DoD Information Security Program - Controlled Unclassified Information
Cybersecurity In DoD Acquisition Regulations

 

PROTECTING CUI BEYOND COMPLIANCE REQUIREMENTS
Visual Hacking Is Highly Successful At Getting Sensitive Data
Protecting CUI Beyond Compliance Requirements - Simple Techniques For Data Theft

Combating The Insider Threat To Information Systems And Networks
Best Practices for Protecting Your Data When Employees Leave Your Company

 

PROTECTING SENSITIVE INFORMATION
DHS Handbook For Safeguarding Sensitive Personally Identifiable Information
Data Lifecycle Security Overview - Protecting Data From Creation Till Destruction

 


DATA BREACH RESPONSE GUIDANCE
Experian - Data Breach Response Guide
LifeLock - Best Practices For Handling A Data Breach
Data Breach Response Checklist
 

 

EMPLOYEE HIRING / BACKGROUND CHECKS / SEPARATION

Employee Hiring / Separation / Background Investigations

The Safe Hiring Manual (2017 Edition-By Attorney Lester Rosen)

Online Safe Hiring Certification Training Course (By Attorney Lester Rosen)

Background Checks - Common Ways Prospective Or Current Employees Sue Employers Under The FCRA

Ten Potential Dangers When Using Social Media Background Checks

Supervisors Guide To Employee Separation

 

 

EMPLOYEE CONTINUOUS EVALUATION AND REPORTING

Continuous Screening of Employees Will Gain More Acceptance as Critical Post-Hire Due Diligence Tool

Endera EBook: 5 Reasons Background Screenings Are Obsolete

Endera Employee Continuous Monitoring Service Overview

Endera Employee Continuous Monitoring Service (Free Demo)

CLEAR Online Investigative Platform Investigation By Thomson Reuters

IDI Employee Risk Management-Investigation Solutions

TLOXP Employee Risk Management-Investigation Solutions By Transunion
 

 

 

 

 

 

Copyright © 2014 - National Insider Threat Special Interest Group ™ - All Rights Reserved - Legal Notice